I'm known for my strong views on mobile technology, online media, and the effect this has on and communication will have on the public conscious and existing businesses.
I've been following this space for over ten years, working with a number of publishers, publications and media companies, some for long periods of time, others for commissions, one-off pieces or a series of articles or shows.
As Scotland’s first podcaster, I continue to be a prominent voice in the rise of podcasting and new media online, and picked up a British Academy (BAFTA) nomination for my annual coverage of the Edinburgh Festival Fringe, alongside contributions to Radio 5 Live, the BBC World Service, presenting Edinburgh local radio's coverage of the General Election.
You'll find me on Twitter (@Ewan), Facebook, and Google Plus.

Path's Privacy Issues and the UK's Data Protection Act [Updated]

Social network Path has a bit of a problem – they’ve been caught uploading user’s address books to their servers without explicit permission. While it might make finding friends easier for the user, the fact it was ‘hidden’ has not gone down well. They’ve started to roll out an opt-in feature to their photo sharing software on the Android Client, with a similar option due to appear in the iOS.

From the American point of view, it’s a PR issue that requires explaining and a clear message from the team, and to be fair to CEO Dave Morin, he has apologised and explained the next steps.

But there might be a bit more of a headache in the UK. On my reading, Path is in breach of the Data Protection Act. The usual internet caveat of “I am not a lawyer” is in effect, but the plain English notes on the Information Commissioners website on the ‘fair’ use of data stress that the end users must know what is happening. Which is not the case with Path.

Fairness generally requires you to be transparent – clear and open with individuals about how their information will be used. Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with you. If individuals know at the outset what their information will be used for, they will be able to make an informed decision about whether to enter into a relationship, or perhaps to try to renegotiate the terms of that relationship. Assessing whether information is being processed fairly depends partly on how it is obtained. In particular, if anyone is deceived or misled when the information is obtained, then this is unlikely to be fair.

Path wouldn’t be the first American company to realise that how the UK (and Europe) want companies to behave around personal data is not in sync with the standard Silicon Valley viewpoint, and they won’t be the last.

We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.

The Data Protection Act is there to protect people from land-grabs such as this. Right now, Path is breaking the law in the UK.

If you operate in the UK, you follow the laws of the UK. Path has a huge subscription base, and they must be aware of how many of their users are from east side of the Atlantic. Short of geo-locking the service to stay inside America, information based start-ups (which means pretty much any social network) need to be very aware of what they do with personal data.

In the same breath, all that is needed is to be very British, and ask politely. If Path had done that in the first place and baked it into their operational methods, rather than wait until it became “an issue” they wouldn’t be in the pickle they are in just now.

[Update: 2030 GMT Feb 8th, 2012]

Path’s CEO Dave Morin has made a statement, and I’d draw your attention to two points (with my emphasis):

As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very, very seriously. Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts… as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

Thanks, Ewan – I was going to follow this up, but too much on! I joked in a radio interview once that the last great war was going to be Facebook versus Germany, and it does feel like the interaction of US SOP and European data law is going to keep on ramifying…